Module: wine Branch: master Commit: 43837ed227b076edcf1e29cb55528a4faa1aa3e3 URL: http://source.winehq.org/git/wine.git/?a=commit;h=43837ed227b076edcf1e29cb55...
Author: Gerald Pfeifer gerald@pfeifer.com Date: Sun Jan 6 18:42:57 2008 +0100
gdi32: Tighten range checking in PlayEnhMetaFileRecord() and remove four useless checks.
---
dlls/gdi32/enhmetafile.c | 12 +++++++----- 1 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/dlls/gdi32/enhmetafile.c b/dlls/gdi32/enhmetafile.c index 081f7c1..150b82a 100644 --- a/dlls/gdi32/enhmetafile.c +++ b/dlls/gdi32/enhmetafile.c @@ -1669,11 +1669,13 @@ BOOL WINAPI PlayEnhMetaFileRecord( const EMRCREATEDIBPATTERNBRUSHPT *lpCreate = (const EMRCREATEDIBPATTERNBRUSHPT *)mr; LPVOID lpPackedStruct;
- /* check that offsets and data are contained within the record */ - if ( !( (lpCreate->cbBmi>=0) && (lpCreate->cbBits>=0) && - (lpCreate->offBmi>=0) && (lpCreate->offBits>=0) && - ((lpCreate->offBmi +lpCreate->cbBmi ) <= mr->nSize) && - ((lpCreate->offBits+lpCreate->cbBits) <= mr->nSize) ) ) + /* Check that offsets and data are contained within the record + * (including checking for wrap arounds). + */ + if ( lpCreate->offBmi + lpCreate->cbBmi > mr->nSize + || lpCreate->offBits + lpCreate->cbBits > mr->nSize + || lpCreate->offBmi + lpCreate->cbBmi < lpCreate->offBmi + || lpCreate->offBits + lpCreate->cbBits < lpCreate->offBits ) { ERR("Invalid EMR_CREATEDIBPATTERNBRUSHPT record\n"); break;